[gptalk] Re: vb scripts running from USB keys
- From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2007 09:23:43 -0700
I have to agree with Jamie's 1st response- the only real way to control
this is to block outbound web traffic at the gateway.
Any other attempt would be futile for a smart bunch of computer science
students whose only goal is to hack your network when they are bored in
computer lab.
I do like Darren's SRP recommendation to restrict cscript and wscript
but I wonder if that would come back and bite you later
Of course blocking port 80 at the gateway can affect every machine on
that network unless your student machines are segmented on a separate
network.
Also- the port 80 restriction could also require additional
configuration in every application that currently goes out to the
internet for updates, license checking and getting data from Internet
resources- without using proxy settings.
Do your students have admin rights and are any other browsers installed
on the workstations in question?
Omar
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Friday, June 08, 2007 6:25 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: vb scripts running from USB keys
What about setting the proxy settings as per-machine rather than
per-user? That should prevent them from changing the keys under HKLM,
assuming of course that they don't have local admin rights on the
system. The only catch is that you can't configure the per-computer
proxy settings directly through Group Policy. You either have to write a
custom ADM for them or import a .reg file containing the settings at
computer startup. See this article for more details.
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10097
Blocking direct port 80 outbound connections is the way most people do
it, but this should work for you.
//signed//
Jamie R Nelson
Systems Engineer
Ingenium Corporation
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, June 07, 2007 10:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: vb scripts running from USB keys
You might be able to restrict this using Software Restriction Policy
(assuming your clients are XP and above). I'm not sure if you use other
"legitimate" .vbs scripts in your environment, but you could use SRP to
block execution of cscript.exe and wscript.exe and that would prevent
all WSH scripts from running.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Christine Whitewood
Sent: Thursday, June 07, 2007 5:09 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: vb scripts running from USB keys
Yes you are correct, I was hoping there would be a way with GPO
Chris Whitewood
Network Administrator
St Francis Xavier College
Beaconsfield/Berwick
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Friday, 8 June 2007 10:02 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: vb scripts running from USB keys
I assume you mean that they are getting to websites they are not
supposed to by turning off the proxy settings in their browsers?
If that is the case then you should block port 80 traffic outbound (only
allowing your proxy server out) on your external router so that users
can't get to the internet unless it is through your web proxy. That or
run a transparent proxy service.
If I am incorrect, please explain in more detail.
//signed//
Jamie R Nelson
Systems Engineer
Ingenium Corporation
________________________________
From: Christine Whitewood
Sent: Thu 6/7/2007 5:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] vb scripts running from USB keys
Can anyone tell me how to stop this happening? Our students are running
scripts that get them round our proxy.
Regards
Chris Whitewood
Network Administrator
St Francis Xavier College
Beaconsfield/Berwick
Other related posts:
